Most Federal Cloud Decision Makers Frustrated With Risk Program

Nearly four out of five U.S. federal government cloud decision makers (79%) are frustrated with the Federal Risk and Authorization Management Program (FedRAMP), most commonly calling the process, “a compliance exercise,” according to a new report from MeriTalk, a public-private partnership focused on improving the outcomes of government IT.

Despite the General Service Administration’s (GSA) push to fix the process, 41% of the 150 decision makers surveyed online in April 2016 are unfamiliar with GSA’s plans to remedy FedRAMP.

The report also found that decision makers are frustrated with the lack of transparency into the FedRAMP process and unsatisfied with its efforts to increase security. More than half (55%) do not think FedRAMP has increased security.

While some think FedRAMP has successfully reduced duplicative efforts, many said the process is still too slow. Federal cloud decision makers remain uncertain about the process, with some ignoring the program entirely even though it is mandatory for federal agency cloud deployments and service models at the low and moderate risk impact levels.

Nearly one in five of those surveyed (17%) said FedRAMP compliance does not factor into their cloud decisions, while 59% would consider a non-FedRAMP-compliant cloud.